diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 06:03:02 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 06:03:02 +0000 |
commit | 4897093455a2bf08f3db3a1132cc2f6f5484d77c (patch) | |
tree | 9e6373544263f003139431fb4b08f9766e1ed530 /utils/statd/monitor.c | |
parent | Initial commit. (diff) | |
download | nfs-utils-4897093455a2bf08f3db3a1132cc2f6f5484d77c.tar.xz nfs-utils-4897093455a2bf08f3db3a1132cc2f6f5484d77c.zip |
Adding upstream version 1:2.6.4.upstream/1%2.6.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'utils/statd/monitor.c')
-rw-r--r-- | utils/statd/monitor.c | 399 |
1 files changed, 399 insertions, 0 deletions
diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c new file mode 100644 index 0000000..c76589c --- /dev/null +++ b/utils/statd/monitor.c @@ -0,0 +1,399 @@ +/* + * Copyright (C) 1995-1999 Jeffrey A. Uphoff + * Major rewrite by Olaf Kirch, Dec. 1996. + * Modified by H.J. Lu, 1998. + * Tighter access control, Olaf Kirch June 1999. + * + * NSM for Linux. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <fcntl.h> +#include <limits.h> +#include <netdb.h> +#include <string.h> +#include <unistd.h> +#include <sys/stat.h> +#include <errno.h> +#include <arpa/inet.h> +#include <dirent.h> + +#include "sockaddr.h" +#include "rpcmisc.h" +#include "nsm.h" +#include "statd.h" +#include "notlist.h" +#include "ha-callout.h" + +notify_list * rtnl = NULL; /* Run-time notify list. */ + +/* + * Reject requests from non-loopback addresses in order + * to prevent attack described in CERT CA-99.05. + * + * Although the kernel contacts the statd service via only IPv4 + * transports, the statd service can receive other requests, such + * as SM_NOTIFY, from remote peers via IPv6. + */ +static _Bool +caller_is_localhost(struct svc_req *rqstp) +{ + struct sockaddr *sap = nfs_getrpccaller(rqstp->rq_xprt); + char buf[INET6_ADDRSTRLEN]; + + if (!nfs_is_v4_loopback(sap)) + goto out_nonlocal; + return true; + +out_nonlocal: + if (!statd_present_address(sap, buf, sizeof(buf))) + buf[0] = '\0'; + xlog_warn("SM_MON/SM_UNMON call from non-local host %s", buf); + return false; +} + +/* + * Services SM_MON requests. + */ +struct sm_stat_res * +sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) +{ + static sm_stat_res result; + char *mon_name = argp->mon_id.mon_name, + *my_name = argp->mon_id.my_id.my_name; + struct my_id *id = &argp->mon_id.my_id; + char *cp; + notify_list *clnt = NULL; + struct sockaddr_in my_addr = { + .sin_family = AF_INET, + .sin_addr.s_addr = htonl(INADDR_LOOPBACK), + }; + char *dnsname = NULL; + int existing = 0; + + xlog(D_CALL, "Received SM_MON for %s from %s", mon_name, my_name); + + /* Assume that we'll fail. */ + result.res_stat = STAT_FAIL; + result.state = -1; /* State is undefined for STAT_FAIL. */ + + /* 1. Reject any remote callers. + * Ignore the my_name specified by the caller, and + * use "127.0.0.1" instead. + */ + if (!caller_is_localhost(rqstp)) + goto failure; + + /* 2. Reject any registrations for non-lockd services. + * + * This is specific to the linux kernel lockd, which + * makes the callback procedure part of the lockd interface. + * It is also prone to break when lockd changes its callback + * procedure number -- which, in fact, has now happened once. + * There must be a better way.... XXX FIXME + */ + if (id->my_prog != 100021 || + (id->my_proc != 16 && id->my_proc != 24)) + { + xlog_warn("Attempt to register callback to %d/%d", + id->my_prog, id->my_proc); + goto failure; + } + + /* + * Check hostnames. If I can't look them up, I won't monitor. This + * might not be legal, but it adds a little bit of safety and sanity. + */ + + /* must check for /'s in hostname! See CERT's CA-96.09 for details. */ + if (strchr(mon_name, '/') || mon_name[0] == '.') { + xlog(L_ERROR, "SM_MON request for hostname containing '/' " + "or starting '.': %s", mon_name); + xlog(L_ERROR, "POSSIBLE SPOOF/ATTACK ATTEMPT!"); + goto failure; + } + + /* my_name must not have white space */ + for (cp=my_name ; *cp ; cp++) + if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n') + *cp = '_'; + + /* + * Hostnames checked OK. + * Now choose a hostname to use for matching. We cannot + * really trust much in the incoming NOTIFY, so to make + * sure that multi-homed hosts work nicely, we get an + * FQDN now, and use that for matching. + */ + dnsname = statd_canonical_name(mon_name); + if (dnsname == NULL) { + xlog(L_WARNING, "No canonical hostname found for %s", mon_name); + goto failure; + } + + /* Now check to see if this is a duplicate, and warn if so. + * I will also return STAT_FAIL. (I *think* this is how I should + * handle it.) + * + * Olaf requests that I allow duplicate SM_MON requests for + * hosts due to the way he is coding lockd. No problem, + * I'll just do a quickie success return and things should + * be happy. + */ + clnt = rtnl; + + while ((clnt = nlist_gethost(clnt, mon_name, 0))) { + if (statd_matchhostname(NL_MY_NAME(clnt), my_name) && + NL_MY_PROC(clnt) == id->my_proc && + NL_MY_PROG(clnt) == id->my_prog && + NL_MY_VERS(clnt) == id->my_vers) { + if (memcmp(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE)) { + xlog(D_GENERAL, + "Received SM_MON request with new " + "cookie for %s from procedure on %s", + mon_name, my_name); + + existing = 1; + break; + } else { + /* Hey! We already know you guys! */ + xlog(D_GENERAL, + "Duplicate SM_MON request for %s " + "from procedure on %s", + mon_name, my_name); + + /* But we'll let you pass anyway. */ + free(dnsname); + goto success; + } + } + clnt = NL_NEXT(clnt); + } + + /* + * We're committed...ignoring errors. Let's hope that a malloc() + * doesn't fail. (I should probably fix this assumption.) + */ + if (!existing && !(clnt = nlist_new(my_name, mon_name, 0))) { + free(dnsname); + xlog_warn("out of memory"); + goto failure; + } + + NL_MY_PROG(clnt) = id->my_prog; + NL_MY_VERS(clnt) = id->my_vers; + NL_MY_PROC(clnt) = id->my_proc; + memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE); + clnt->dns_name = dnsname; + + /* + * Now, Create file on stable storage for host, first deleting any + * existing records on file. + */ + nsm_delete_monitored_host(dnsname, mon_name, my_name, 0); + + if (!nsm_insert_monitored_host(dnsname, + (struct sockaddr *)(char *)&my_addr, argp)) { + nlist_free(existing ? &rtnl : NULL, clnt); + goto failure; + } + + /* PRC: do the HA callout: */ + ha_callout("add-client", mon_name, my_name, -1); + if (!existing) + nlist_insert(&rtnl, clnt); + xlog(D_GENERAL, "MONITORING %s for %s", mon_name, my_name); + success: + result.res_stat = STAT_SUCC; + /* SUN's sm_inter.x says this should be "state number of local site". + * X/Open says '"state" will be contain the state of the remote NSM.' + * href=http://www.opengroup.org/onlinepubs/9629799/SM_MON.htm + * Linux lockd currently (2.6.21 and prior) ignores whatever is + * returned, and given the above contraction, it probably always will.. + * So we just return what we always returned. If possible, we + * have already told lockd about our state number via a sysctl. + * If lockd wants the remote state, it will need to + * use SM_STAT (and prayer). + */ + result.state = MY_STATE; + return (&result); + +failure: + xlog_warn("STAT_FAIL to %s for SM_MON of %s", my_name, mon_name); + free(clnt); + return (&result); +} + +static unsigned int +load_one_host(const char *hostname, + __attribute__ ((unused)) const struct sockaddr *sap, + const struct mon *m, + __attribute__ ((unused)) const time_t timestamp) +{ + notify_list *clnt; + + clnt = nlist_new(m->mon_id.my_id.my_name, + m->mon_id.mon_name, 0); + if (clnt == NULL) + return 0; + + clnt->dns_name = strdup(hostname); + if (clnt->dns_name == NULL) { + nlist_free(NULL, clnt); + free(clnt); + return 0; + } + + xlog(D_GENERAL, "Adding record for %s to the monitor list...", + hostname); + + NL_MY_PROG(clnt) = m->mon_id.my_id.my_prog; + NL_MY_VERS(clnt) = m->mon_id.my_id.my_vers; + NL_MY_PROC(clnt) = m->mon_id.my_id.my_proc; + memcpy(NL_PRIV(clnt), m->priv, SM_PRIV_SIZE); + + nlist_insert(&rtnl, clnt); + return 1; +} + +void load_state(void) +{ + unsigned int count; + + count = nsm_load_monitor_list(load_one_host); + if (count) + xlog(D_GENERAL, "Loaded %u previously monitored hosts", count); +} + +/* + * Services SM_UNMON requests. + * + * There is no statement in the X/Open spec's about returning an error + * for requests to unmonitor a host that we're *not* monitoring. I just + * return the state of the NSM when I get such foolish requests for lack + * of any better ideas. (I also log the "offense.") + */ +struct sm_stat * +sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp) +{ + static sm_stat result; + notify_list *clnt; + char *mon_name = argp->mon_name, + *my_name = argp->my_id.my_name; + struct my_id *id = &argp->my_id; + char *cp; + + xlog(D_CALL, "Received SM_UNMON for %s from %s", mon_name, my_name); + + result.state = MY_STATE; + + if (!caller_is_localhost(rqstp)) + goto failure; + + /* my_name must not have white space */ + for (cp=my_name ; *cp ; cp++) + if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n') + *cp = '_'; + + + /* Check if we're monitoring anyone. */ + if (rtnl == NULL) { + xlog_warn("Received SM_UNMON request from %s for %s while not " + "monitoring any hosts", my_name, argp->mon_name); + return (&result); + } + clnt = rtnl; + + /* + * OK, we are. Now look for appropriate entry in run-time list. + * There should only be *one* match on this, since I block "duplicate" + * SM_MON calls. (Actually, duplicate calls are allowed, but only one + * entry winds up in the list the way I'm currently handling them.) + */ + while ((clnt = nlist_gethost(clnt, mon_name, 0))) { + if (statd_matchhostname(NL_MY_NAME(clnt), my_name) && + NL_MY_PROC(clnt) == id->my_proc && + NL_MY_PROG(clnt) == id->my_prog && + NL_MY_VERS(clnt) == id->my_vers) { + /* Match! */ + xlog(D_GENERAL, "UNMONITORING %s for %s", + mon_name, my_name); + + /* PRC: do the HA callout: */ + ha_callout("del-client", mon_name, my_name, -1); + + nsm_delete_monitored_host(clnt->dns_name, + mon_name, my_name, 1); + nlist_free(&rtnl, clnt); + + return (&result); + } else + clnt = NL_NEXT(clnt); + } + + failure: + xlog_warn("Received erroneous SM_UNMON request from %s for %s", + my_name, mon_name); + return (&result); +} + + +struct sm_stat * +sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp) +{ + short int count = 0; + static sm_stat result; + notify_list *clnt; + char *my_name = argp->my_name; + + xlog(D_CALL, "Received SM_UNMON_ALL for %s", my_name); + + if (!caller_is_localhost(rqstp)) + goto failure; + + result.state = MY_STATE; + + if (rtnl == NULL) { + xlog_warn("Received SM_UNMON_ALL request from %s " + "while not monitoring any hosts", my_name); + return (&result); + } + clnt = rtnl; + + while ((clnt = nlist_gethost(clnt, my_name, 1))) { + if (NL_MY_PROC(clnt) == argp->my_proc && + NL_MY_PROG(clnt) == argp->my_prog && + NL_MY_VERS(clnt) == argp->my_vers) { + /* Watch stack! */ + char mon_name[SM_MAXSTRLEN + 1]; + notify_list *temp; + + xlog(D_GENERAL, + "UNMONITORING (SM_UNMON_ALL) %s for %s", + NL_MON_NAME(clnt), NL_MY_NAME(clnt)); + strncpy(mon_name, NL_MON_NAME(clnt), + sizeof (mon_name) - 1); + mon_name[sizeof (mon_name) - 1] = '\0'; + temp = NL_NEXT(clnt); + /* PRC: do the HA callout: */ + ha_callout("del-client", mon_name, my_name, -1); + nsm_delete_monitored_host(clnt->dns_name, + mon_name, my_name, 1); + nlist_free(&rtnl, clnt); + ++count; + clnt = temp; + } else + clnt = NL_NEXT(clnt); + } + + if (!count) { + xlog(D_GENERAL, "SM_UNMON_ALL request from %s with no " + "SM_MON requests from it", my_name); + } + + failure: + return (&result); +} |